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Remarks 

Reconsideration of this Application is respectfully requested. In response to the Non-final 
Office Action mailed March 9, 2005, Applicants submit the following remarks. In the Application, 
claims 1, 2, 4-15, 18-31, 34-46, 49-54, 56-77, 80-87, and 89 are pending. 

For the following reasons, it is submitted that the Application is in condition for allowance, 
and allowance thereof is respectfully requested. 

Acknowledgement of Allowed Subject Matter 

Applicants thank Examiner Jackson for allowing claims 51, 52, and 58-60, and for stating 
that claim 53 contains allowable subject matter. 

For at least the reasons discussed below, claim 53 has not been rewritten into independent 
form as Applicants believe that claim 49, from which claim 53 depends, is also allowable and that 
the amendment is unnecessary. 

Additionally, although the Action indicates claim 60 is allowable, Applicants note that claim 
60 depends from claim 54, which is rejected under 35 U.S.C. § 103(a). Applicants will assume that 
the Examiner intended to object to claim 60 as depending from a rejected claim and including 
allowable subject matter. If this assumption is incorrect, Applicants respectfully request 
examination on the merits of claim 60. 

Rejections under 35 U.S.C. § 103 

(a) On pages 2-4, the Action rejects claims 1, 2, 4-6, 18, 35, 38-40, 49, 50, 54, 56, 57, 61, 
62, 65, 66, 71, 73, and 86 under 35 U.S.C. §103(a) as being unpatentable over U.S. Patent No. 
6,425,084 to Rallis et al. (hereinafter Rallis) in view of U.S. Patent No. 5,347,580 to Molva et al. 
(hereinafter Molva). 

Claim 1 recites: "A compact personal token, comprising: a USB-compliant interface 
releaseably coupleable to a host processing device; a token memory; a token processor, 
communicatively coupled to the token memory and communicatively coupleable to the host 
processing device via the USB-compliant interface, the token processor for providing the host 
processing device conditional access to user private data stored in the token memory ; and a user 
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input device, communicatively coupled to the token processor by a path distinct from the USB- 
compliant interface, for accepting an input for processing by the token processor to signal 
authorization of a token processor operation providing access to the user private data stored in the 
token memory , the input in response to a message received in the token from the host processing 
device via the USB-compliant interface invoking the token processor operation, wherein user 
authentication occurs on the token." (emphasis added). 

In contrast, Rallis discloses a multilevel infrared (IR) type security system that prevents 
unauthorized use of a computer 10 (see Rallis, FIGs. 1 A-B, Abstract). A program resident on the 
computer 10 implements a user-validation procedure. An IR key device 20 carries a first serial 
number and an encryption key. The first serial number and the encryption key are read from the key 
device 20 during the user-validation procedure in order to gain authorized use of the computer 10 
(see Rallis, abstract, col. 2, line 45-col. 3, line 3). FIGs. 3A-B further describe the user-validation 
procedure of the program on the computer 10. The user attaches the key device 20 to the computer 
10, which reads the key device serial number and the encryption key from the key device 20 for 
comparison with a validation record stored on the computer. If the program determines a match, the 
encryption key is decrypted, and the user is prompted to enter a personal identification number 
(PIN) for comparison with the validation record. If there is a match, then a hard disk serial number 
is read and compared with a plaintext hard disk serial number of the validation record. If there is a 
match, then the user is validated to user the computer 10, otherwise, the computer 10 is shut down 
(see Rallis, FIGs. 3 A-B, col. 3, line 18 - col. 4, line 34). 

Applicants respectfully traverse the rejection as the Action fails to establish a prima facie 
case of obviousness. In order to establish a prima facie case of obviousness, three basic criteria 
must be met. First, there must be some suggestion or motivation, either in the references themselves 
or in the knowledge generally available to one of ordinary skill in the art, to modify the reference or 
to combine reference teachings. Second, there must be a reasonable expectation of success. 
Finally, the prior art reference (or references when combined) must teach or suggest all the claim 
limitations. See M.P.E.P. § 2143. 

For at least the following two reasons, the Action does not establish a prima facie case of 
obviousness to reject claim 1 based on the combined teachings of Rallis and Molva. 



24 



Application No.: 09/449,159 



Docket No.: 35997-215458 (formerly 30074.26US11) 



First, Rallis and Molva do not teach or suggest all of the claimed features. Specifically, 
Rallis and Molva do not teach or suggest "the token processor for providing the host processing 
device conditional access to user private data stored in the token memory ," (emphasis added) as 
recited in claim 1. On page 2, the Action cites column 2, lines 58-66 of Rallis for a teaching of this 
feature. However, as discussed below, Rallis discloses a system that prevents unauthorized use of a 
notebook computer 10, and does not teach or suggest authorizing a user to access data stored on a 
key device 2. On page 2, the Action equates the microcomputer 22 in the key device 20 of Rallis 
with the claimed token processor, the read only memory (ROM) 24 in the key device 20 of Rallis 
with the claimed token memory, and the notebook computer 10 of Rallis with the claimed host 
processing device. Based on how the Action equates the devices of Rallis with the claimed 
invention, the Action alleges that the microcomputer 22 of the key device 20 provides the notebook 
computer 10 conditional access to user private data stored in the ROM 24 of the key device 20. 
However, Rallis does not teach or suggest any such feature. Rather, Rallis discloses a program 
running on the notebook computer 10 that accesses a key device serial number, an encryption key, 
and a Personal Identification Number (PIN) stored in the key device 20 in a user- validation 
procedure to prevent operation of the notebook computer 10 by an unauthorized user. Rallis does 
not teach or suggest providing the notebook computer 10 conditional access to user private data 
stored on the ROM 24 of the key device 20 . The key device 20 is only for user authentication; it 
is not used to store private data. In fact, on page 2, the Action admits that "only the authorized user 
with the Pin can access the host computer system ," (emphasis added) which is referring to the 
notebook computer 10, and not the key device 20. Nowhere does Rallis teach or suggest 
authorizing access to the key device 20. Thus, Rallis does not teach or suggest "the token processor 
for providing the host processing device conditional access to user private data stored in the token 
memory," as recited in claim 1. The Action does not rely on Molva for a teaching of this claimed 
feature, and in fact, Molva does not teach or suggest this feature. Therefore, the combined 
teachings of Rallis and Molva do not teach or suggest all of the features of claim 1. 

Additionally, on pages 2-3, the Action correctly admits that Rallis does not disclose that the 
data input at the user input device is "'for processing by the [token] processor to signal 
authorization of a [token] processor operation providing access to the user private data', 'in 



25 



Application No.: 09/449,159 



Docket No.: 35997-215458 (formerly 30074.26US11) 



response to a message received in the token from the host processing device via the USB-compliant 
interface invoking the [token] processor operation "' (emphasis added). However on page 3, in 
contradiction with the above admission, the Action asserts (1) "that Rallis does disclose this, 
because Rallis discloses power and command messages from the notebook computer that contains a 
processor, and response messages from the key device(see col. 2, lines 1, lines 46-58)," and (2) that 
"the user private data of the notebook computer is not allowed to be accessed, until the user is 
validated, because Rallis discloses the key device is used in conjunction with the notebook 
computer to prevent unauthorized user's from gaining access to the notebook computer(see col. 2, 
lines 58-66)." Applicants respectfully disagree with both of these assertions. 

In response to assertion (1), even though the Action states that "Rallis discloses power and 
command messages from the notebook computer that contains a processor, and response messages 
from the key device," this assertion of exchanging messages between a notebook computer and a 
key device does not indicate how Rallis teaches or suggests the claimed features which the Action 
admits that Rallis does not disclose. Particularly, Rallis does not teach or suggest "a user input 
device ... for accepting an input for processing by the token processor to signal authorization of a 
token processor operation providing access to the user private data stored in the token memory ," as 
recited in claim 1 . 

In column 2, lines 1 and 46-58, as cited on page 3 of the Action, Rallis describes a key 
device 20 that may be connected with a notebook computer 10 for authenticating a user. A program 
on the notebook computer 10 may prompt the user to insert the key device 20 at computer power-up 
or reset (see Rallis, col. 1, lines 59-62). As discussed above, Rallis describes preventing 
unauthorized use of the notebook computer 10, and not of data stored on the key device 20. The 
microcomputer 22 on the key device 20 of Rallis does not authorize an operation providing access 
to user private data stored in the ROM 24 of the key device 20. Rather, the ROM 24 stores the key 
device serial number and the encryption key, which are loaded into the key device 20 by the 
manufacturer (see Rallis, col. 3, lines 24-29). The key device serial number and the encryption key 
are read by a program on the notebook computer 10 in a user authorization procedure (see Rallis, 
col. 3, lines 18-29). Nowhere does Rallis teach or suggest limiting access to the key device serial 
number or to the encryption key stored on the key device 20. Even in the embodiment describing a 
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fingerprint reader (see Rallis, col. 5, lines 9-21, FIG. 5 A), the system is limiting access to the 
notebook computer 10, and not to data stored in the ROM 24 of the key device 20. Thus, Rallis 
does not teach or suggest "a user input device ... for accepting an input for processing by the token 
processor to signal authorization of a token processor operation providing access to the user private 
data stored in the token memory ," as recited in claim 1 . Therefore, the assertion made in the Action 
does not describe how the missing claim features are taught by Rallis and the rejection of claim 1 is 
improper. 

In response to assertion (2), even though the Action states that "the user private data of the 
notebook computer is not allowed to be accessed, until the user is validated ... in conjunction with 
the notebook computer to prevent unauthorized" use, this assertion does not indicate how Rallis 
teaches or suggests the claimed features which the Action admits that Rallis does not disclose. 
Particularly, Rallis does not teach or suggest the input is "in response to a message received in the 
token from the host processing device via the USB-compliant interface invoking the token 
processor operation" (emphasis added) as recited in claim 1. In claim 1, the token processor 
operation is for "providing access to the user private data stored in the token memory ," and is not to 
provide access to the claimed host processing device. The above assertion is not incorrect in 
admitting that the system of Rallis prevents access to the notebook computer 10 by unauthorized 
users. However, the claimed token processor operation is to provide access to user private data 
stored in the token memory , and not to provide access to the host processing device. Thus, Rallis 
does not teach or suggest a token processor operation for "providing access to the user private data 
stored in the token memory ," as recited in claim 1. Therefore, the assertion made in the Action does 
not describe how the missing claim features are taught by Rallis and thus the rejection of claim 1 is 
improper. 

Second, Rallis and Molva do not teach or suggest "A compact personal token, comprising: . . 
. a user input device ... for accepting an input for processing by the token processor to signal 
authorization of a token processor operation providing access to the user private data stored in the 
token memory," as recited in claim 1. On page 2, the Action alleges that column 2, lines 63-67 and 
FIG. 1A of Rallis discloses that the key device 20 has a similar user input device. However, the key 
device 20 of Rallis does not include any such input device. In fact, Rallis specifically states that the 
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key device 20 does not include any "external controls" (see Rallis, col. 2, lines 46-47). The 
Personal Identification Number (PIN) of Rallis is entered into the notebook computer 10, and not 
into the key device 20 (see Rallis, col. 2, lines 63-66). Thus, Rallis does not include a token 
comprising a user input device. 

Additionally, the Action does not rely on Molva for a teaching of this claimed feature, and in 
fact, Molva does not teach or suggest this feature. Although Molva does disclose smartcards that 
authenticate the user and a button 5 to control the sequence of displays in a display 6 within a single 
authentication session (see Molva, col. 4, lines 56-58, col. 7, lines 15-19), Molva does not teach or 
suggest that the smartcard includes a user input device that accepts an input to a token processor to 
provide access to user data stored in the token. Molva teaches that the button 5 is used to control 
the sequencing of displays, and that the user does not enter any data into the smartcard 2 (see 
Molvam col. 7, lines 15-20). The information for authenticating the user is entered at the 
workstation 3 (see Molva, col. 8, lines 28-50). Thus, the button 5 of Rallis changes what is 
displayed in display 6, and manipulating the button 5 does not input data for processing by a token 
processor to signal authorization and provide access to private data stored in the token memory. 
Therefore, Rallis and Molva do not teach or suggest "A compact personal token, comprising: ... a 
user input device ... for accepting an input for processing by the token processor to signal 
authorization of a token processor operation providing access to the user private data stored in the 
token memory," as recited in claim 1. 

Thus, the combination of Rallis and Molva does not teach or suggest all of the claimed 
features of claim 1. Therefore, the Action does not establish a prima facie case of obviousness for 
rejecting claim 1, and Applicants respectfully request that the rejection of claim 1 be withdrawn. 
Accordingly, claim 1 is in condition for allowance and allowance thereof is respectfully requested. 

Claims 2 and 4-6, which depend from allowable claim 1, are also in condition for allowance 
because of their dependence on an allowable claim. 

For reasons analogous to those given for claim 1, claims 18, 35, 49, 54, 61, 71, and 86 are 
also in condition for allowance. 

Claims 38-40, which depend directly and indirectly from allowable claim 35, are also in 
condition for allowance because of their dependence on an allowable claim. 
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Claim 50, which depends from allowable claim 49, is also in condition for allowance 
because of its dependence on an allowable claim. 

Claims 56-57, which depend from allowable claim 54, are also in condition for allowance 
because of their dependence on an allowable claim. 

Claims 62, 65, and 66, which depend from allowable claim 61, are also in condition for 
allowance because of their dependence on an allowable claim. 

Claim 73, which depends from allowable claim 71, is also in condition for allowance 
because of its dependence on an allowable claim. 

(b) On pages 4-6, the Action rejects claims 7-10, 12-15, 19-26, 28-31, 34, 36, 37, 41, 43-46, 
63, 64, 67-69, 72, 74-77, 80-83, 85, 87, and 89 under 35 U.S.C. §103(a) as being unpatentable over 
Rallis and Molva, in further view of the Network World article "Buyer's Guide" to Kobielus 
(hereinafter Kobielus). 

(i) Claim 1 is in condition for allowance, as discussed above. Claims 7-10 and 12- 
15, which depend directly and indirectly from allowable claim 1, are also in condition for allowance 
because of their dependence on an allowable claim. 

(ii) Claim 18 is in condition for allowance, as discussed above. Claims 19-26, 28-31, 
and 34, which depend directly and indirectly from allowable claim 18, are also in condition for 
allowance because of their dependence on an allowable claim. 

(iii) Claim 35 is in condition for allowance, as discussed above. Claims 36, 37, 41, 
and 43-46, which depend directly and indirectly from allowable claim 35, are also in condition for 
allowance because of their dependence on an allowable claim. 

(iv) Claim 61 is in condition for allowance, as discussed above. Claims 63, 64, and 
67-69, which depend directly and indirectly from allowable claim 61, are also in condition for 
allowance because of their dependence on an allowable claim. 

(v) Claim 71 is in condition for allowance, as discussed above. Claims 72 and 74-76, 
which depend directly and indirectly from allowable claim 71, are also in condition for allowance 
because of their dependence on an allowable claim. 



29 



Application No.: 09/449,159 



Docket No.: 35997-215458 (formerly 30074.26US11) 



(vi) On page 5, the Action rejects claim 77 as being obvious in view of the combined 
teachings of Rallis, Molva, and Kobielus. Applicants respectfully disagree. 

Similar to the reasons given in the remarks on claim 1, neither Rallis nor Molva disclose 
"the token processor providing the host processing device conditional access to data storable in 
memory," as recited in claim 77. The Action does not rely on Kobielus for a teaching of this 
feature, and in fact, Kobielus does not teach or suggest this feature. Therefore, the rejection of 
claim 77 is improper and Applicants respectfully request that it be withdrawn. 

Accordingly, claim 77 is in condition for allowance and allowance thereof is respectfully 
requested. 

(vii) For reasons analogous to those given for claims 1 and 77, neither Rallis, Molva, 
nor Kobielus recite all of the features in claim 80. Accordingly, claim 80 is in condition for 
allowance and allowance thereof is respectfully requested. 

Claims 81-83, and 85, which depend from allowable claim 80, are also in condition for 
allowance because of their dependence on an allowable claim. 

(viii) Claim 86 is in condition for allowance, as discussed above. Claims 87 and 89, 
which depend from allowable claim 86, are also in condition for allowance because of their 
dependence on an allowable claim. 

(c) On page 6, the Action rejects claims 11, 27, 42, 70, and 84 under 35 U.S.C. §103(a) as 
being unpatentable over Rallis, Molva, and Kobielus, in further view of U.S. Patent No. 4,838,404 
to Smith (hereinafter Smith). 

(i) Claim 1 is allowable, as discussed above. Claim 11, which depends from 
allowable claim 1, is also in condition for allowance because of its dependence on an allowable 
claim. 

(ii) Claim 18 is allowable, as discussed above. Claim 27, which depends from 
allowable claim 18, is also in condition for allowance because of its dependence on an allowable 
claim. 
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(iii) Claim 35 is allowable, as discussed above. Claim 42, which depends from 
allowable claim 35, is also in condition for allowance because of its dependence on an allowable 
claim. 

(iv) Claim 61 is allowable, as discussed above. Claim 70, which depends from 
allowable claim 61, is also in condition for allowance because of its dependence on an allowable 
claim. 

(v) Claim 80 is allowable, as discussed above. Claim 84, which depends from 
allowable claim 80, is also in condition for allowance because of its dependence on an allowable 
claim. 

Accordingly, claims 1, 2, 4-15, 18-31, 34-46, 49-54, 56-77, 80-87, and 89 are in condition 
for allowance and allowance thereof is respectfully requested. 
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Conclusion 

All of the stated grounds of objection and rejection have been properly traversed, 
accommodated, or rendered moot. Applicants therefore respectfully request that the Examiner 
reconsider all presently outstanding objections and rejections and that they be withdrawn. 
Applicants believe that a full and complete reply has been made to the outstanding Office Action 
and, as such, the present application is in condition for allowance. If the Examiner believes, for any 
reason, that personal communication will expedite prosecution of this application, the Examiner is 
hereby invited to telephone the undersigned at the number provided. 

Prompt and favorable consideration of this Amendment is respectfully requested. 
Date: CTiJUj M t Respectfully submitted, 

B y <&/t*o . 



Edward W. Yee 

Registration No.: 47,294 
VENABLE LLP 
P.O. Box 34385 
Washington, DC 20043-9998 
(202) 344-4000 
(202) 344-8300 (fax) 
Attorney For Applicant 

#655332 



32 



